Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

eWEEK's Top 10 Vendors: Cloud Access Security Brokers

eWEEK is creating a new series of articles which examine all sectors of IT and present up-to-date research and analysis on the leading companies in each space. It's all designed for enterprise buyers of hardware, software, services and cloud products to have more and better information in hand when the time comes to make an investment.

WEBINAR:On-Demand

It’s no secret that cloud computing has changed enterprise security requirements. As organizations adopt new services, applications and methods to manage data, the need to address changing data models and threat risks is essential. According to Alert Logic’s 2017 Cloud Security Report, the number of cloud security incidents occurring in an 18-month span extended beyond 2.2 million. “Smart attackers, always seeking the weakest spots in network defenses, understand the changing attack scene and have retooled accordingly,” the report noted.

Today, organizations must address an array of issues that revolve around web applications, data flow, network designs, cloud infrastructure and other key areas. Although major cloud providers typically offer robust built-in protections—including strong authentication, encryption and malware detection—there are often gaps in protection that result when organizations rely on multiple cloud service providers, different network topologies and numerous applications. These risks often involve key areas such as web application firewalls (WAFs), secure web gateways (SWGs) and data loss prevention (DLP).

Cloud access security brokers (CASB) take aim at this issue. As Gartner puts it: “They deliver differentiated, cloud-specific capabilities generally not available as features in other security controls.” What’s more, “CASB vendors understand that for cloud services the protection target is different: it’s still your data but processed and stored in systems that belong to someone else.” Consequently, CASBs store policy management information and governance details across multiple cloud services. This delivers granular visibility and stronger controls. Gartner predicts that by 2022, 60 percent of large enterprises will use a CASB to govern cloud services, up from 20 percent today.

Here’s a look at 10 of the top vendors in the cloud security space. These ratings were created with data and reviews from Gartner Peer Insights as well as G2 Crowd and IT Central.

Bitglass runs natively from the cloud but it also can be deployed as a Docker container that serves as a host on-premises. The vendor has emerged as a leader in the CASB space by introducing a zero-day approach heavily tilted toward trust ratings, trust levels and at-rest encryption that’s tightly integrated with enterprise compliance and governance requirements. The platform, which extends to mobile security and shadow IT controls, is powered by an agentless “AJAX Virtual Machine (VM)” abstraction layer transparently embedded within a user’s browser to support real-time data protection in specific scenarios, including unmanaged devices. Bitglass CASB features an automated learning mode, digital watermarks, and strong data loss prevention. On the downside, Gartner points out that the solution isn’t able to modify SaaS application native security controls and it is limited in its ability to assign and consumer Azure Information Protection templates. Overall, Gartner rated Bitglass a leader in its 2018 Magic Quadrant ratings. Users say that the solution is intuitive and offers powerful capabilities.

Encryption and tokenization are key elements of cloud security. CipherCloud, which has offered a CASB solution since 2011, places a heavy emphasis on data protection through cloud-native security and compliance across SaaS, PaaS and IaaS platforms. The solution offers robust cloud-based visibility and controls—extending to applications running in the cloud—and it can manage both structured and unstructured data. One of the biggest strengths of the solution is an ability to encrypt data before delivering it to SaaS applications—while preserving partial application functionality. The solution manages keys for SaaS-native encryption mechanisms in the CipherCloud or a KMIP-compliant key management server. Potential weakness includes adaptive access controls and continuous risk assessment tools that trail competitors, Gartner noted. It positioned the company between a visionary and leader in its Magic Quadrant. Some adopters rate the product a bit difficult to use and say it’s a bit pricy. Overall ratings are extremely high.

Cisco acquired Cloudlock in 2016 and has strived to incorporate the company into its portfolio of cloud-based products. The CASB solution offers a number of powerful capabilities, including the ability to configure policies dynamically and aggregate users into specific groups, based on real-time actions and behavior. The solution can also constrain user behavior, thus providing a powerful form of adaptive access control. In addition, Cloudlock provides powerful controls, based on OAuth, that can override permissions and block certain types of cloud attacks. A strong API framework helps organizations extend controls to SaaS applications that do not include native support for these and other features. One of the drawbacks to the approach Cloudlock takes is that all these features and controls are based on sanctioned applications that provide APIs. Cisco also offers no support for CSPMs. Users rate the platform as easy-to-implement, powerful and highly scalable.

Identifying shadow IT, preventing compromised accounts and ensuring secure mobile access to cloud apps covers a broad expanse of enterprise security requirements. Clouds ratchet up the challenges exponentially. Forcepoint CASB focuses on these issues. It delivers a broad package of security products that revolve around secure web gateways, email security, user and entity behavior analytics, DLP and data security, and imposing a network firewall. The solution delivers a powerful engine that meshes with workflows and enterprise policies. It also offers risk scoring, anomaly detection, strong analytics and metrics tools, real-time oversight and powerful application governance. The focus is heavily tilted toward business applications. One of the key cautions for adopting the platform revolve around an inability to configure control policies toward preferred SaaS applications. Users describe the solution as powerful, granular and highly flexible. Gartner rates it in the middle of its quadrant.

Microsoft’s acquisition of Adallom in 2015 broadened the company’s security solutions. MCAS offers a reverse-proxy-plus-API CASB that can operate independently or part of Microsoft’s Enterprise Mobility + Security (EMS) suite. This includes tools for Azure and other applications and components. The solution also includes threat protections and sophisticated analytics. Gartner describes the interface as “intuitive” and says that the solution handles complex policies using a visual editor. This makes the process simpler by eliminating scripting and programming. It also offers suggestions and hints that can guide an organization to more robust cloud security. Finally, it delivers strong automation, particularly around watermarking and encryption. Gartner positions in the company in the “challenger” quadrant, while users say that while it can be a bit tricky to implement, it delivers powerful features and strong protections.

Netskope remains an independent company in a space where major software and networking companies are scooping up CASB solution providers. The company has been shipping products since late 2013. The company focuses heavily on application discovery and SaaS security posture assessments. Among its strengths are strong analytics tools, including behavioral analytics, and a robust alert system. This, among other things, helps Netskope spot vulnerabilities in APIs, mobile devices and shadow IT. Gartner labeled the company a leader in its 2018 Magic Quadrant. Users report that the solution offers strong visibility, powerful DLP features and excellent threat intelligence feeds. Complaints revolve around difficulties configuring agents and a limited ability to use APIs for remediation. Many CASB vendors now incorporate APIs for posture assessment as well.

Oracle has moved beyond a one-solution-fits-all approach to CASB. Its solution, originally Palerra, offers discovery and deep visibility into SaaS applications using a log-based approach that revolves around cloud activity. This helps the solution identify risky applications installed through Oracle, Salesforce and other platforms. The result is strong security monitoring, threat protection and incident response. Organizations can also license Inline DLP (for real-time detection) and API DLP (for retroactive scanning). One of Oracle CASB’s strengths is a high level of flexibility, including the ability to expand detection to new content easily. In addition, custom applications running in the Java Virtual Machine (JVM) require no further action. They are automatically protected. Finally, Oracle CASB monitors for misconfigurations and notify users when a problem may be present—and when the organization doesn’t match industry benchmarks. Oracle landed as a challenger on its way to becoming a leader in Gartner’s MQ. Users praise the platform for easy integration and strong protection capabilities but say it can prove difficult to fully integrate across a portfolio of cloud solutions.

Palo Alto Networks acquired CirroSecure in 2015. It has since relaunched the solution to include more focused cloud security tools. Today’s solution is heavily focused on discovery along with SaaS policy and security management. Aperture includes strong data classification and monitoring tools, DLP, user activity tracking, known and unknown malware protection and detailed risk and usage reporting. Among its strengths is an ability to identify SaaS and non-SaaS web applications that can be used to exfiltrate data. It also delivers comparisons to multiple industry baselines and it suggests configuration changes to improve compliance. Cautions include configuration complexity and a lack of functionality in a few key areas, including reverse-proxy inspections. Gartner rates Palo Alto Networks as a niche player in the CASB space. Users say that Aperture is an excellent product with strong functionality, though it lacks some desirable features. They rate the company’s support high.

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.